Re: [exim] Does exim4's `${sqlite_quote ... }` expansion de-…

Author: Jeremy Harris
Date:  
To: Nick, Nick via Exim-users, exim-users
Subject: Re: [exim] Does exim4's `${sqlite_quote ... }` expansion de-taint the expanded value?
On 19 August 2022 17:04:22 BST, Nick via Exim-users <exim-users@???> wrote:
>Hello Exim users,
>
>I've a problem with Sqlite lookups and tainting.


>> My suspicion therefore is that it's actually the presence of
>> |$local_part| in the query which is the problem, and not the filename


>Is anyone here able to help with this question?



See the preferred syntax at

http://exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html#SECTsqlite

The older syntax was unsuitable for distinguishing the taint status of
the filename and the query string.
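
The two forms of the SQLite lookup contrasted in the reply above, as an added example that is not part of the original message. The database path, the `users` table and its columns are constructed placeholders, and the shape of the query is an assumption about the kind of lookup being discussed.

```conf
# Constructed example: /var/lib/exim4/users.db, table "users" and columns
# "name"/"mailbox" are placeholders, not values from the thread.

# Older syntax: the file name and the SQL query are one expanded string.
# Once $local_part (tainted) is expanded into that string, the file name
# and the query can no longer be told apart for taint purposes.
data = ${lookup sqlite {/var/lib/exim4/users.db SELECT mailbox FROM users WHERE name='${quote_sqlite:$local_part}';}}

# Preferred syntax: the file name is passed as a lookup option and the
# braces hold only the query, so the untainted path and the query that
# carries the quoted $local_part are handled separately.
data = ${lookup sqlite,file=/var/lib/exim4/users.db {SELECT mailbox FROM users WHERE name='${quote_sqlite:$local_part}';}}
```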